A vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer could be exploited by remote, non-authenticated attackers to execute unauthorized / malicious code as root, Fortinet has warned. The vulnerability affects the solutions’ fgfmsd daemon, and could be triggered by senging a specially crafted request to the fgfm port of a vulnerable device. Fortinet has provided security updates to fix the flaw, as well as workarounds if updating is impossible. About FortiManager and FortiAnalyzer FortiManager is an operations … More
The post Fortinet plugs RCE hole in FortiManager and FortiAnalyzer (CVE-2021-32589) appeared first on Help Net Security.